CVE-2017-5456

critical

Description

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.

References

https://access.redhat.com/errata/RHSA-2017:1106

https://bugzilla.mozilla.org/show_bug.cgi?id=1344415

https://www.mozilla.org/security/advisories/mfsa2017-10/

https://www.mozilla.org/security/advisories/mfsa2017-12/

http://www.securitytracker.com/id/1038320

Details

Source: Mitre, NVD

Published: 2018-06-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical